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f  ABSTRACT 

\\/4his  paper  explores  some  theoretical  Issues  of  robot  planning  from  the 
perspective  of  propositional  dynamic  logic*  A  generalized  notion  of 
"progression"  and  "regression"  of  conditions  through  actions  is  developed* 
This  leads  to  a  bidirectional  single-level  planning  algorithm  which  is  easily 
extended  to  hierarchical  planning*  Multiple  pre/post-conditlon  pairs,  complex 
(conjunctive,  disjunctive)  goals,  goals  of  maintenance  and  p revent iom^and 
plans  with  tests  are  all  handled  in  a  natural  way.  The  logical  ‘ffaiggrorlty  is 
used  to  clarify  gaps  in  existing  "nonlinear”  and  "hlerachlcal”  planning 
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1.  Introduction 

Although  the  connection  between  the  A. I.  planning  problem  and  automated 
program  synthesis  is  widely  acknowledged,  relatively  little  planning  research 
has  made  explicit  use  o£  concepts  from  the  logic  of  programs*  Such  logics, 
however,  offer  theoretical  insight  into  various  issues  in  A. I.  planning, 
including  compound  goals  and  levels  of  abstraction*  [11,  12,  14,  4]  Many  of 
these  issues  arise  in  their  purest  form  in  domains  describable  in  the 
propositional  calculus  (e*g*  simple  blocks  worlds)  as  evidenced  by  the 
literature  on  the  subject.  [13,  11,  15]  Thus  for  clarity  and  continuity,  we 
choose  the  propositional  setting  to  develop  a  unified,  abstract  treatment  of 
these  issues  using  propositional  dynamic  logic  (PDL)  as  our  primary  logical 
tool.  [7,  5,  8,  9,  3] 

PDL  is  a  decidable  modal  propositional  logic  for  reasoning  about  binary 
state-relations  induced  by  programs.  In  theory,  the  existence  of  such  a  logic 
provides  an  Immediate  "solution"  to  the  propositional  planning  problem:  One 
could  systematically  substitute  all  possible  plans  into  a  schema  (the 
specification)  which  asserts  the  desired  property  of  the  plan.  The  resulting 
expressions  could  be  tested  for  validity  to  filter  out  non-solutions. 
Unfortunately,  this  fact  is  of  little  practical  consequence,  as  such  a 
procedure  is  certain  to  be  grossly  Inefficient.  The  approach  developed  here 
imposes  additional  structure  by  (1)  considering  a  class  of  problems  that 
require,  in  effect,  only  non-modal  reasoning  and  (2)  using  suitable 
"progression"  and  "regression"  operators  to  structure  the  search  for  a 
solution  and  allow  early  pruning  of  hopeless  paths. 

Surprisingly,  even  our  restricted  formulation  covers  a  more  general  class 
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of  problems  chan  are  handled  by  most  comparable  A.I.  planning  methods.  For 
Instance ,  we  allow  goals  Co  be  arbitrary  wffs,  so  disjunctive  goals  (cited  as 
an  unsolved  problem  by  Sacerdotl  [12])  require  no  special  treatment  at  all* 
The  approach  provides  a  theoretical  basis  for  hierarchical  plan  generation 
that  ties  In  directly  with  current  ideas  on  hierarchical  program  development 
(see  section  3.3).  In  addition,  the  use  of  program  logic  provides  a  formal 
basis  for  specifying  and  verifying  the  plan-generating  system  itself. 

Although  our  work  can  be  generalized  along  several  dimensions 
(propositional  axiom  schemata,  plans  with  loops,  quantified 
pre/post-condltions,  etc.),  these  are  beyond  the  scope  of  the  current  paper, 
which  focuses  instead  on  the  essential  structure  of  the  approach.  At  the  same 
time,  it  should  be  noted  that  the  use  of  axiom  schemata  seems  to  be  a  minimal 
requirement  for  a  practical  application.  This  paper  should  be  regarded  as  a 
foundational  study  aimed  at  deepening  our  understanding  of  planning;  a 
separate  paper  will  describe  implementation  considerations.  [10] 

2.  Preliminaries 

This  section  briefly  presents  the  basic  concepts  of  a  loop-free  fragment 
of  propositional  dynamic  logic  (PDL).  The  interested  reader  is  referred  to 
[7,  5,  3]  for  a  more  thorough  treatment  of  dynamic  logic  in  its  entirety. 
Though  dynamic  logic  is  ordinarily  used  to  reason  about  programs ,  it  is 
equally  appropriate  for  reasoning  about  plans  (in  the  A. I.  sense);  thus  in 
this  paper  the  terms  program  and  plan  are  used  interchangeably. 
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2 • 1 .  Syntax 


Let  &  and  &  denote  two  symbol  sets:  atomic  propositions  and  atomic 
actions,  respectively.  Define  wffs  P*>A  and  programs  simultaneously 

(deleting  subscripts  for  convenience) : 

1.  fSP 

2.  as  A 

3.  If  p,q£P  then  -*p,  pVq  €  P 

4.  If  p(  P  and  A  then  <“>p  6  P 

5.  A* A 

6«  If  p  4  P  and  p  is  nonmodal  (see  below)  then  p? fc  A 

7.  If  «*,£  6  A  then  ,  <x<j/3  fc  A 

A  formula  is  nonmodal  if  it  contains  no  subformula  of  the  form  <*>p.  We 
abbreviate  -«(-«p  W-«q)  as  pAq,  '•pVq  as  p=>q,  (paq)A(q»p)  as  pSq,  as 

[*]p,  pVip  as  true,  and  pA-ip  as  false.  Parentheses  are  used  when  necessary 
according  to  the  usual  conventions. 

2«2.  Semantics 

A  structure  S  is  a  triple  (W,n,m)  where  W  is  a  non-empty  set  of  "worlds," 
tt;(P-*2'*,  and  m:d'*2w"^.  That  is,iv  assigns  to  each  atomic  proposition  p 
the  subset  of  W  where  p  holds,  and  m  assigns  to  each  atomic  action  a  the 
binary  relation  over  W  representing  the  next-state  relation  for  a.  Given  a 
structure  S,  meanings  can  be  assigned  to  arbitrary  programs  and  formulae  by 
extending  m  and  IT : 

Meanings  of  Programs 

1.  m(A)  -  <(a,s)  |  sC  W> 

(identity  relation  over  W) 

2.  m(p? )  -  {(s,a)  |  stlT(p)} 

(identity  relation  restricted  to  worlds  where  p  holds) 

3.  m(*;0)  -  m(«)«  m(fi) 

(composition  of  relations) 

4.  m<--0  -  m(«)U  ■(/*) 

(union  of  relations  considered  as  sets) 
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Meanings  of  Formulae 

1.  TT(-«p)  »  W  -  1t(p) 

2.  lt(pVq)  -  ir(p)UTT(q) 

3.  n(<«.>p)  -  {  st  W  |  3  t  €  W.  (s , t)€  m(*)  and  t€TT(p)  } 

The  last  equation  asserts  that  <«.>p  Is  true  in  those  worlds  s  from  which 
another  world  t  is  reachable  via  ot's  next-state  relation  such  that  p  holds  in 
t.  In  general  our  formulas  will  Involve  the  dual  of  <«■>,  namely  [*] .  [<*]p  can 
be  read  "after  p."  The  intent  is  that  p  holds  in  all  worlds  accessible  via 


A  formula  p  is  valid  in  a  structure  S  *  (W,ir,m)  (written  S  £  p)  iff 
TT(p)  «  W;  p  is  valid  (written  Is  p)  iff  it  is  valid  in  every  structure. 

2.3.  Axlomatics 

The  following  system  captures  the  semantics  given  in  the  previous 
section: 

Axioms 

1.  Axioms  of  the  propositional  calculus 

2.  t«](p=q)  a  (|*]pa  Mq) 

3.  [A]p  *  p 

4.  [p? ]q  ff  p3q 

5.  I«;A]p  «  (•*]  (|S]p 

6.  s  [*]p  a  [£]p 

Rales  of  Inference 

1.  From  p,  p3q  derive  q  (Modus  Ponens) 

2.  From  p  derive  [«]p  (Necessitatlon) 

If  a  formula  p  follows  from  these  axioms  under  the  stated  rules  of 
inference,  we  say  it  is  provable  and  write  t-p;  if  p  can  be  proved  from  a  set 
of  assumptions,  Q,  we  write  QH  p. 


2.4.  A  Restricted  Class  of  Programs 

PDL  breaks  the  ordinary  conditional  statement  into  more  primitive  notions 
of  "test"  (?)  and  "non-deterministic  execution"  (V).  Though  we  allow  the 
primitive  actions  to  be  non-deterministic ,  we  shall  only  be  interested  in 
deterministic  combining  forms.  Thus  we  limit  the  use  of  ?  and  O  to  contexts 
of  the  form  (p?;«)  u  (ip?;/S)  and  require  (for  convenience  only)  that  p  be 
atomic.  This  corresponds  to  the  ordinary  conditional,  so  we  abbreviate  this 
program  form  to  p -►<*,£  and  call  the  class  of  programs  obeying  these 
syntactic  restrictions  C-programs  (symbolically  ApA).  The  requirement  that  p 
be  atomic  is  not  restrictive,  since  arbitrary  boolean  combinations  of  tests 
can  be  expressed  by  appropriate  use  of  (possibly  nested)  conditionals.  For 
example,  *«p-»o/,(S  is  equivalent  to  p— *•/&,«*.  (pAq)—*oc,(S  is  equivalent 
to  (p-*(q-*  «  ,/S  ),fi  ),  etc. 

An  important  property  of  our  combining  forms  is  that  they  preserve 
termination;  if  the  primitives  always  terminate,  every  C-program  over  those 
primitives  will  always  terminate.  (Loops  are  conspicuously  absent.)  In  PDL, 
the  fact  that  a  program  «  always  terminates  is  expressed  <»>true. 

3.  A  Planning  Method 

Having  described  a  suitable  language  and  logic,  we  are  now  in  a  position 
to  discuss  planning  methods.  Section  3.1  contains  the  formal  definition  of  a 
(single-level)  "planning  problem"  and  the  corresponding  notion  of  a 
"solution".  This  leads  directly  (section  3*2.2)  to  a  bidirectional 
(single-level)  planning  algorithm  based  on  "progressing"  and  "regressing" 
conditions  through  actions.  Section  3.3  describes  how  the  hierarchical 
planning  problem  can  be  regarded  as  a  succession  of  single-level  problems  in  a 


way  that  makes  the  connection  between  the  levels  logically  precise 


3.1.  Definitions 


V 


A  planning  problem  is  a  triple  (V,Q,R(u>)  where 

&A)  is  the  vocabulary  of  the  problem,  consisting  of  the  atomic 

propositions  and  the  atomic  actions. 1 


Q 


R(u) 


is  a  finite  set  of  axioms,  which  we  will  refer  to  as  domain 
constraints.  Q  is  partitioned  into  two  subsets:  static 

constraints,  which  are  nonmodal  formulae,  and  dynamic 
constraints,  which  are  always  of  the  form  p  3  [a]q,  p  and  q 
being  arbitrary  nonmodal  wffs  and  a  an  atomic  action.  We 
implicitly  assume  an  axiom  of  the  form  <a>true  for  every 
atomic  action  a;  this  expresses  the  fact  that  the  action  a 
always  terminates,  though  Q  may  only  partially  specify  in  what 
state  a  terminates.  We  also  assume  that  Q  is  consistent. 

is  a  finite  set  of  formulae  called  the  plan  constraints.  Like 
the  dynamic  domain  constraints,  each  of  these  is  of  the  form 
p  [u]q  for  nonmodal  p  and  q.  The  symbol  u  is  a  distinguished 
atomic  action  not  contained  in  A. 


A  solution  to  a  planning  problem  (V,Q,R(u))  is  an  expression  ot  in  the 
programming  language  Ay  8uch  that  for  every  r(«x)  (obtained  by  substituting 
«  for  u  in  R),  Q  H  r (<x) .  I*e.,  it  is  provable  from  the  domain  constraints  Q 

that  *  satisfies  all  the  plan  constraints. 2  (Because  of  the  termination 
constraints  on  the  atomic  actions,  <x  is  guaranteed  to  terminate.  So  in  the 
language  of  program  logic,  we  are  talking  about  "total  correctness.") 


*For  some  applications  it  is  desirable  to  constrain  the  programming  language 
to  use  only  a  designated  subset  of  the  propositions  as  tests  in  conditionals. 
This  requires  a  straightforward  modification  of  our  definition  and  will  not  be 
pursued  here. 


^Equivalently  in  semantic  terms:  Structures  that  satisfy  the  domain 

constraints  also  satisfy  the  «-lnstantiated  plan  constraints. 
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3.2.  Finding  Solutions 

Having  defined  "solutions,"  we  turn  our  attention  to  methods  for 
discovering  them.  A  natural  way  of  organizing  the  search  for  solutions  is  to 
follow  the  syntactic  structure  of  the  programming  language. 

Recall  that  a  program  is  either  A  ,  an  atomic  action  a,  or  a  composite  of 
the  form  *  or  where  *  and  ft  are  programs  and  t  is  an  atomic 

proposition.  It  will  simplify  the  algorithm  to  consider  only  programs  in  a 
normal  form,  which  we  now  define* 

3.2.1*  Normal  Form  for  Conditional  Plans 

A  program  is  in  normal  form  if  it  consists  of  a  sequence 3  of  0  or  more 
atomic  actions  followed  optionally  by  a  conditional  program  both  branches 
of  which  are  in  normal  form,  followed  in  turn  by  0  or  more  further  atomic 
actions.  More  formally,  a  program  is  in  normal  form  if  it  can  be  written  as 
Aj....;^,  n  >  0,  with  at  most  one  A^  not  atomic,  in  which  case  A^  is  of  the 
form  t-*Bj,  B2  where  both  Bj  are  themselves  in  normal  form.^  The  null 
sequence  is  identified  with  A,  and  we  take  A;«  -  <*;A  -  <X . 

We  have  not  lost  any  essential  solutions  by  insisting  on  this  form  since 
every  C-program  can  be  put  into  normal  form  by  transforming  the  longest 
(length  >  1)  sequence  of  steps  whose  first  and  last  steps  are  conditionals 


^Since  ";"  is  associative,  we  write  sequences  a;b;...;c  without  indicating 
order  of  association. 


^Warren's  method  [17]  for  Introducing  conditionals  produces  plans  of  an 
even  more  restricted  form:  the  conditional  must  be  the  last  action  in  the 
sequence.  I.e«,  a  plan,  once  split,  may  never  rejoin.  This  is  not  an 
essential  limitation,  but  it  introduces  a  somewhat  greater  degree  of 
redundancy  "han  our  f  >rm.  We  note  in  passing  that  Warren's  view  of  the 
conditional  eat  as  -  action,  has  much  in  common  with  PDL's  p?  action. 
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into  a  single  conditional  as  follows: 

<s-*A,B);  ...  ;  (t-*C,D) 

(s  Aj* . .  i  ( t  CjD)  t  B;« . . ;  (t C ,D ) ) 

and  applying  this  transformation  recursively  to  A,  B,  and  the  residual 
. . . ; (t  — ♦  C,D) . 

3.2.2.  An  Algorithm 


Suppose  we  are  looking  for  a  normal-form  program  «  that  satisfies  one  of 
the  dynamic  constraints  p3  [<x]q  in  R*  Consider  the  following  cases 
corresponding  to  the  possible  forms  of  Q(  : 

1.  oi  m  A  .  This  is  a  solution  if  Q  h  p3q. 

2.  <* -  a;/3  or  fi;a  for  some  atomic  action  a.  In  the  former  case, 

m  is  a  solution  if  Q  h  p/a3[/3]q  ,  where  p/a  represents  the 
strongest  provable  post-condition  of  p  and  a.  Analogously,  in  the 
second  case,  is  a  solution  if  Q  h  p  3  [|S]a\q  where  a\q  is  the 
weakest  provable  precondition  of  a  and  q.  Ue  call  the  former  case 
"progression"  and  the  latter  "regression." 

3.  <*  -  t«^,£  2>  In  this  case,  o<  is  a  solution  if 

Q  H  pA  t  m  t^jjq  and  Q  H*  p  Ai  t  ? 

We  see  that  (1)  defines  success,  (2)  suggests  forward  and  backward  strategies 
for  sequential  steps,  and  (3)  suggests  a  forward  strategy  for  conditionals. 


In  addition,  we  see  that  there  are  several  obvious  ways  to  limit  the 
search.  First,  if  p  d  p/a,  the  forward  search  need  not  consider  action  a.  (A 
special  case  of  this  arises  when  p/a  -  true.)  Dually,  if  a\q3  q,  the 
backward  search  need  not  consider  a.  (Here  we  have  a  special  case  when 
a\q  ■  false.)  These  checks  eliminate  self-loops.  We  can  eliminate  cycling  in 
the  search  space  altogether  if  we  are  willing  to  pay  the  price  of  checking 

whether  »  p/a  for  any  p^  in  the  leading  chain  of  preconditions.  Likewise 
we  can  check  whether  a\q  o  q^  for  any  qj  in  the  trailing  chain  of 
postconditions.  Note  also  that  if  p?  t  or  ps^  t,  the  forward  conditional 
search  involving  t  need  not  be  pursued.  p/a  can  never  be  falsa  since  this 
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would  Imply  failure  of  a  to  terminate,  contradicting  our  assumptions  about  the 
domain  constraints  Q. 

These  observations  lead  immediately  to  the  following  non-deterministic 
algorithm  for  computing  solutions  for  the  single  constraint  p  3  [<*]q: 
(Multiple  constraints  will  be  discussed  later.) 

BIGRESSION5  ALGORITHM 

Assume  p,  q  are  not  false. 

Solve (p ,q)  ■  Bigress(p ,q, A ,A  ). 

Bigress(pre, post, leader, trailer) : 

IF  Q  I-  pre  ^  s«st  THEN  RETURN (  leader ;  trailer  ). 

CHOOSE: 

CHOOSE  <a,  pre/a>  from  LiveForward(pre) : 

RETURN (  Bigress(  pre/a,  post,  leader ;a,  trailer  )  ) 

CHOOSE  <a,  a\post>  from  LiveBackward(post) : 

RETURN (  Bigress(  pre,  a\post,  leader,  a;trailer  )  ) 

CHOOSE  t  from  NonTriv(pre) : 

RETURN (  leader;  C  ;  trailer  ) 

where  C  ■  (t  -*  Blgress(pre  A  t,  post.  A,  A), 

Blgress(pre  A*,  t,  post,A,A)) 

LiveForward(p) : 

IF  M  s 

where  S  ■  {  <a,  p/a>  |  aid,  Q  W-  p  O  p/a) 

THEN  RETURN (  S  ) 

ELSE  FAIL ( ) . 

LiveBackward (q ) : 

IF  4  S 

where  S  ■  {  <a,  a\q>  J  aid,  Q  M*  a\q  O  q) 

THEN  RETURN (  S  ) 

ELSE  FAIL ( ) • 

^"Bigression"  stands  for  "bidirectional  progression  and  regression." 
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NonTriv(p) : 

IF  0  +  S 

where  S  ■  {  t  |  t  €  <P ,  Q  (*  pa  t,  Qi^-  p3it} 

THEN  RETURN (  S  ) 

ELSE  FAIL ( ) • 

The  algorithm  aa  presented  finds  solutions  for  a  single  plan  constraint. 
However  the  extension  to  the  general  case  Is  straightforward:  To  insure  that 
all  the  plan  constraints  are  met,  a  "Cartesian  product"  version  of  this 
algorithm  must  be  run.  A  failure  in  any  of  the  constraint  components  counts 
as  failure  and  serves  to  prune  that  branch. 

The  bigression  algorithm  makes  use  of  three  additional  auxiliary 
functions:  "Qt-",  "/",  and  "\".  "Qh-"  is  a  procedure  which  takes  as  input  a 

nonmodal  formulae  p  and  decides  whether  p  is  provable  from  Q.  If  the  static 
axioms,  Qg>  are  rich  enough, ^  this  check  can  be  done  using  only  nonmodal 
reasoning,  i.e.,  ordinary  propositional  decision  methods.  The  functions  "/" 
(progression)  and  "\"  (regression)  are  the  subject  of  the  next  section. 

3>2.3.  Progression  and  Regression 

Ideally,  we  would  like  p/a  to  compute  the  strongest  postcondition  of 
condition  p  and  action  a.  Similarly,  we  would  like  a\q  to  compute  the  weakest 
precondition.  [1,  15]  In  PDL,  the  weakest  precondition  of  p  and  a  can  be 
expressed  simply  as  [a]p,  which  is  obviously  the  weakest  formula  implying 
"after  a,  p"i  The  strongest  postcondition  can  be  expressed  using  a  "converse" 
operator  which  we  have  not  described.  (See  [5] . ) 

^Specifically,  Qs  BUst  generate  all  the  nonmodal  formulae  generated  by  all 
of  Q.  In  certain  pathological  cases,  such  as  when  Q  contains  a  dynamic  axiom 
of  the  form  p  a  [a] false,  Q  would  have  to  be  extended  to  include  extra  static 
axioms,  since  pa  [a] false  and  <a>true  together  imply  **p — e  nonmodal  formula 
derivable  only  through  modal  reasoning. 
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However,  given  the  restricted  £orm  of  our  dynamic  axioms,  there  will  be 
no  propositional  formula  provably  equivalent  to  either  of  these  modal 
formulae.  On  the  other  hand,  we  can  effectively  compute  the  weakest 

precondition  pre  and  strongest  postcondition  post  for  which  it  is  provable 
from  Q  that  pre  implies  "after  a,  q"  and  p  Implies  "after  a,  post."  It  is 
these  propositional  formulae  that  we  label  p/a  and  a\q. 

The  formula  p/a  is  found  by  taking  the  conjunction  of  the  set  of  formulae 
each  of  which  is  a  disjunction  of  a  set  of  drawn  from  the  "right  hand  side" 
of  the  dynamic  axioms  of  Q  (pA  [a^)  such  that  the  disjunction  of  the 
corresponding  p^s  is  implied  by  p.  Dually,  a\q  is  found  by  taking  taking  the 
disjunction  of  the  set  of  formulae  each  of  which  is  a  conjunction  of  a  set  of 

Pi  drawn  from  the  "left  hand  side"  of  the  dynamic  axioms  of  Q  (pi  =>  [ajqi> 
such  that  that  conjunction  of  the  corresponding  q^s  implies  q. 

Consider  the  following  sample  axioms: 

A  =»[a]  (B  V  C) 

G  D[a]  ''B 

(Fa  E)  Dial  D 

In  this  case,  a\(CVD)  -  (AAG)  v  (Fae).  The  reason  for  this  is  that  (B  V  C) 
conjoined  with  ■>B  implies  (CVD),  so  the  conjunction  of  the  corresponding 
left-hand  sides  (A  A  G)  is  one  disjunct  of  a\(CV  D).  Likewise,  the  formula  D 
alone  implies  (CVD),  making  the  '  corresponding  left-hand  side  (FA  E)  the 
second  disjunct.  These  two  cases  exhaust  the  possibilities  for  getting 
(CVD). 

The  reason  why  the  formulas  p/a  and  a\q  defined  in  this  way  are  not 
exactly  equivalent  to  strongest  postcondition  and  weakest  precondition  lies  in 
the  nature  of  our  atomic  actions.  Briefly,  in  the  context  of  programming 


languages  one  typically  begins  with  primitives  whose  semantics  are  fully 

characterized  and  focuses  on  characterizing  the  derived  operations 

(sequencing,  etc.)  [1]  For  example,  the  weakest  precondition  for  the 

assignment  primitive  is  given  by 

wp("x:-  E",  P(x))  -  P(E). 

This  equation  asserts  that  the  weakest  precondition  for  condition  P  and  action 
"x  gets  E"  is  precisely  P  with  E  substituted  for  x. 

In  our  case,  however,  the  primitive  actions  are  specified  only  by  axioms 
giving  one-way  implications.  Thus,  unless  we  make  assumptions  of  a 
"non-monotonic"  nature,  we  would  generally  be  able  to  consistently  add  axioms 
that  "weaken"  the  precondition  or  "strengthen"  the  postcondition  of  an  action. 
Since  "provably  weakest"  is  unattainable,  we  make  do  with  "weakest  provable." 
This  does  not  affect  the  completeness  of  the  search  algorithm,  since  we  are 
only  looking  for  programs  which  provably  satisfy  the  specifications. 

3.3.  Hierarchical  Planning 

The  key  observation  in  extending  the  single-level  algorithm  to 
multi-level,  hierarchical  planning  is  that  an  atomic  action  at  level  k  is  a 
plan  to  be  solved  for  at  level  k+1.  This  point  of  view  is  possible  because  of 
the  way  the  planning  problem  was  formalized.  Specifically,  an  atomic  action 
is  described  by  a  set  of  dynamic  axioms  in  Q.  Likewise,  the  desired  program  is 
described  by  a  set  of  dynamic  axioms  in  R.  Since  the  same  formal  objects, 
namely  sets  of  dynamic  axioms,  are  involved  in  both  cases,  it  is  natural  to 
assume  as  primitive  some  action  with  given  properties  at  level  k  and  then 
solve  for  a  program  having  those  properties  at  level  k+1. 


Formally,  a  hierarchical  planning  problem  is  a  tree  of  single-level 
problems.  If  <V<*k  ,^k>,Qk,Rk(uk)>  is  the  problem  at  non-leaf  node  k,  then 
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node  k  has  one  successor  for  each  a^^  in  ®k*  and  that  successor's  problem  has 
the  form  ^k+ljQk+^Q'  (ak,i)  >  where  Q'  denotes  the  subset  of  dynamic  axioms  of 
Qk  having  the  form  p  3  [a^iJq.  In  other  words,  the  domain  constraints  on  the 
primitive  "a"  at  level  k  become  plan  requirements  at  level  k+1.  A  solution  is 
a  plan  using  the  vocabulary  of  the  leaf  nodes  that  satisfies  the  requirements 
of  the  root  node.  I.e.,  <x  is  a  solution  If  It  solves  <vn,Qn,Ri(ui)>.  The 
propositional  vocabulary  and  action  vocabulary  can  change  from  level  to  level, 
provided  the  domain  axioms  have  enough  inferential  structure  to  make  the 
transfer  from  level  to  level  meaningful* 

Obviously,  for  any  node  k,  only  the  successor  nodes  corresponding  to 
actions  actually  used  in  the  solution  need  be  solved.  Furthermore,  the 
existence  of  a  solution  for  each  of  these  nodes  guarantees  the  existence  of  an 
overall  solution. 

As  with  other  hierarchic  planners,  the  main  benefit  of  levels  in  our 
approach  is  heuristic:  The  choice  of  intermediate  vocabularies  and  domain 
axioms  constitutes  a  choice  of  "planning  islands."  Any  algorithm  that  tries 
to  solve  a  problem  by  solving  the  nodes  in  the  hierearchy  is,  in  essence, 
searching  for  a  plan  constrained  to  go  through  the  states  defined  by  the 
intermediate  actions'  domain  constraints.  The  main  benefit  of  logic  here  is 
to  define  a  reasonable  relation  between  the  levels,  namely  the  relation: 
"correctly  implements." 

For  a  fixed  determination  of  levels  and  a  small  number  of  actions  it 
would  be  possible  to  precompute  solutions  to  the  subproblems,  in  which  case 
after  solving  the  problem  at  the  top  level,  the  system  would  act  more  like  a 
compiler  than  a  problem  solver.  In  dynamic  situations  when  the  lower-level 


actions  (in  effect,  the  "tools”  for  solving  the  problem)  are  changing  or  when 
only  a  small  number  of  actions  are  ever  actually  used,  it  seems  more  natural 
to  solve  subproblems  as  they  arise. 

4.  Discussion 

4.1.  Modeling  Actions:  The  Legacy  of  STRIPS  Operators 

Much  of  the  research  into  the  control  of  planning  has  been  carried  out  in 
the  STRIPS  paradigm.  [2,  6]  In  this  approach,  actions  are  regarded  not  as 
mappings  from  states  to  states,  but  rather  as  syntactic  transformations  of 
state-descriptions  to  state-descriptions,  where  state-descriptions  are  logical 
formulae.  One  consequence  is  the  oft-cited  benefit  of  not  needing  to  mention 
the  various  "frame  conditions,"  i.e.  the  properties  which  are  invariant  under 
an  action-7  Unfortunately,  the  need  for  operators  to  be  sensitive  to  the 
syntax  of  state  descriptions  led  researchers  to  consider  only  very  simple 
state  descriptions  (e.g.  sets  of  atomic  propositions)  and  very  simple 
transformations  (e.g.  add-lists  and  delete-lists). 

As  an  example  of  an  action  that  is  difficult  to  specify  with  a  single 
add-list/delete-list  pair,  consider  the  action  toggle  described  by  a  pair  of 
dynamic  axioms: 

On(light)  3  [  toggle(swltch)  ] -i  On(light) 

-i  On  (light)  3  [  toggle  (switch)  }  On(light) 

Since  the  post-condition  depends  conditionally  on  the  pre-condition,  it  cannot 

be  determined  isolation  whether  toggle  adds  or  deletes  the  wff  On (light).  The 

same  would  hold  true  for  actions  with  disjunctive  post-conditions. 

These  possibilities  notwithstanding,  many  planning  systems  do  make  the 

7However,  these  invariants  need  not  be  as  large  an  obstacle  to  practical 
Implementation  as  is  commonly  supposed  (see  [10]). 
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assumption  that  the  truth  of  a  given  atomic  proposition  in  the  state  resulting 
from  applying  a  sequence  of  operators  is  a  determinate,  calculable  thing* 
Techniques  which  rely  crucially  on  these  assumptions  are  sometimes  difficult 
to  adapt  to  less  constraining  assump tions .  We  give  two  illustrations  from 
NOAH.  [11] 

4.2.  Nonlinear  Planning:  Problems  with  Partial  Orders  and  Shuffles 

The  basic  idea  behind  nonlinear  planning  is  the  following:  To  solve  a 
conjunctive  goal  G1  &  G2,  find  a  sequence  SI  -  a;b;...;c  which  achieves  G1  and 
another  sequence  S2  -  d;e;...;f  which  achieves  G2.  Represent  the  overall  plan 
as  a  network  of  partially  ordered  actions  with  SI  and  S2  as  parallel  branches. 
Now  use  the  "resolve  conflicts  critic"  to  detect  interference  between  the 
plans  and  impose  additional  ordering  constraints  among  the  actions  to  rule  out 
the  interference.  The  network  encodes  the  subset  of  possible  shuffles  of  SI 
with  S2  which  are  believed  to  achieve  the  overall  goal  G1  &  G2. 

For  the  resolve  conflicts  critic  to  filter  Interference  correctly,  it 
must  know  what  is  true  at  each  node  of  the  network.  Unfortunately,  for  nodes 
that  occur  after  joins,  what  is  true  depends  crucially  on  the  ultimate 
linearization  of  the  parallel  branches.  In  the  general  case,  the  best  that 
can  be  done  is  to  represent  the  disjunction  of  the  strongest  postconditions  of 
the  alternative  linearizations. ®  This  requires  considering  the  alternatives, 
of  which  there  are  (“J11)  where  m  and  n  represent  the  lengths  of  the  action 
sequences  in  the  two  parallel  branches.  Since  it  is  easy  to  Imagine  cases 
where  resolve-conflicts  criticism  would  be  an  expensive  operation,  the  belief 

^Actually,  NOAH  does  not  represent  disjunctive  postconditions—  which  may 
explain  why  disjunctive  goals  are  considered  problematical. 
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thac  using  a  nonlinear  strategy  is  computationally  efficient  seems  to  be 
grounded  in  the  empirical  hypothesis  that  operators  encountered  in  practice 
will  permit  easy  detection  of  conflicts. 

4.3*  Hierarchical  Planning:  Problems  with  Heuristic  Decompositions 

The  justification  for  partial  orderings  in  NOAH  is  tied  up  with  a  desire 
not  to  prematurely  commit  the  system  to  a  particular  linear  order  of  actions 
which,  though  seemingly  correct  at  one  level,  may  expand  into  incorrect  plans 
at  lower  levels.  This  possibility  can  only  arise,  of  course,  if  the  relation 
between  levels  ("plan  A  achieves  the  same  effect  as  action  a")  is  not  exact. 
However,  such  Inexactness  undermines  the  original  rationale  for  hierarchic 
planning,  namely  factorization  of  complexity,  since  it  destroys 
compositionality  and  requires  that  we  check  complex  lower-level  plans  for 
"unexpected"  global  interactions.  Again,  an  empirical  hypothesis  is 
presumably  invoked,  namely  that  by  some  suitable  metric,  the  plan  comes 
"close"  to  implementing  the  abstract  action.  (It  is  not  Immediately  obvious, 
though,  what  metric  could  be  meaningful  for  the  space  in  question.) 

4.4.  Some  Benefits  of  Bigression 

Some  of  che  benefits  of  regression  were  first  discussed  by  Waldlnger 
[IS]  and  appreciated  by  Warren.  [16]  These  benefits  are  reaped  dually  by 
including  progression,  which  conpletes  the  logical  symmetry  and  allows 
bidirectional  search.  As  we  have  described  them,  the  progression  and 
regression  operations  handle  arbitrary  boolean  formulas,  thus  solving 
conjunctive  and  disjunctive  goals  as  special  cases  of  a  more  general  strategy. 
Goals  of  maintenance  and  prevention  can  be  incorporated  into  the  algorithm  as 
well  by  expressing  as  (nonmodel)  wffs  the  condition  to  be  maintained  (m)  and 
the  condition  to  be  prevented  (v).  Since  the  planning  algorithm  actually 
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develops  a  descriptive  wff  (d)  for  each  state  reachable  during  plan  execution, 
it  is  straightforward  to  add  a  check  to  the  procedures  LiveForward, 
LiveBackward,  and  NonTriv  eliminating  paths  through  states  where 
QHd^'iaVv  This  simple  approach  will  work  in  situations  where  no 

dynamic  replanning  is  anticipated;  goals  of  maintenance  and  prevention 
involving  execution  monitoring,  feedback  and  replanning,  require  more  complex 
strategies. 
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9  For  a  more  thoroughgoing  treatment  of  reasoning  about  processes  with 
intermediate  states,  see  [9]  • 
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